Issue22 import ap iand page

.gitignore

@@ -1,3 +1,4 @@
+parsetab.py
 .editorconfig
 .jshintrc
 flask/

app/__init__.py

@@ -38,6 +38,7 @@
 from app.routes import tags
 from app.routes import tags_mapping
 from app.routes import files
+from app.routes import import_
 
 @app.before_first_request
 def setup_logging():

app/models/c2dns.py

@@ -47,7 +47,7 @@ def to_dict(self):
             reference_link=self.reference_link,
             reference_text=self.reference_text,
             expiration_type=self.expiration_type,
-            expiration_timestamp=self.expiration_timestamp.isoformat(),
+            expiration_timestamp=self.expiration_timestamp.isoformat() if self.expiration_timestamp else None,
             id=self.id,
             tags=tags_mapping.get_tags_for_source(self.__tablename__, self.id),
             addedTags=[],
@@ -57,5 +57,11 @@ def to_dict(self):
             comments=[comment.to_dict() for comment in comments]
         )
 
+    @classmethod
+    def get_c2dns_from_hostname(cls, hostname):
+        c2dns = C2dns()
+        c2dns.domain_name = hostname
+        return c2dns
+
     def __repr__(self):
         return '<C2dns %r>' % (self.id)

app/models/c2ip.py

@@ -2,6 +2,9 @@
 from app.routes import tags_mapping
 from app.models.comments import Comments
 
+import ipwhois
+import json
+
 class C2ip(db.Model):
     __tablename__ = "c2ip"
 
@@ -60,5 +63,25 @@ def to_dict(self):
             comments=[comment.to_dict() for comment in self.comments]
         )
 
+    @classmethod
+    def get_c2ip_from_ip(cls, ip):
+        whois = json.loads(ipwhois.IPWhois(ip))
+
+        c2ip = C2ip()
+        c2ip.ip = ip
+        c2ip.asn = whois.get("asn_description", None)
+
+        net = {}
+        for range in whois.get("nets", []):
+            if range["cidr"] == whois["asn_cidr"]:
+                net = range
+                break
+
+        c2ip.country = net.get("country", None)
+        c2ip.city = net.get("city", None)
+        c2ip.state = net.get("state", None)
+        return c2ip
+
+
     def __repr__(self):
         return '<C2ip %r>' % (self.id)

app/models/yara_rule.py

@@ -101,6 +101,22 @@ def make_yara_sane(text, type_):
         type_ = "%s:" if not type_.endswith(":") else type_
         return "\n\t".join([string.strip().strip("\t") for string in text.split("\n") if type_ not in string]).strip()
 
+    @classmethod
+    def get_yara_rule_from_yara_dict(cls, yara_dict):
+        yara_rule = Yara_rule()
+        yara_rule.name = yara_dict["rule_name"]
+
+        possible_fields = ["description, ""confidence", "test_status", "severity", "category", "file_type",
+                           "subcategory1", "subcategory2", "subcategory3"]
+        for possible_field in possible_fields:
+            if possible_field in yara_dict["metadata"].keys():
+                setattr(yara_rule, possible_field, yara_dict["metadata"][possible_field])
+
+        yara_rule.condition = " ".join(yara_dict["condition_terms"])
+        yara_rule.strings = "\n".join(
+            ["%s = %s %s" % (r["name"], r["value"], " ".join(r["modifiers"])) for r in yara_dict["strings"]])
+        return yara_rule
+
 
 class Yara_rule_history(db.Model):
     __tablename__ = "yara_rules_history"

app/routes/import_.py

@@ -0,0 +1,76 @@
+from flask import abort, jsonify, request
+from flask.ext.login import login_required, current_user
+from app import app, db
+from app.models import c2ip, c2dns, yara_rule, cfg_states
+from app.utilities import extract_artifacts
+
+
+#####################################################################
+
+def save_artifacts(artifacts):
+    state = "Imported"
+    return_artifacts = []
+
+    if not cfg_states.Cfg_states.query.filter_by(state=state).first():
+        db.session.add(cfg_states.Cfg_states(state=state))
+        db.session.commit()
+
+    for artifact in artifacts:
+        try:
+            if artifact["type"].lower() == "ip":
+                ip = c2ip.C2ip.get_c2ip_from_ip(artifact["artifact"])
+                ip.created_user_id, ip.modified_user_id = current_user.id, current_user.id
+                ip.state = state
+                db.session.add(ip)
+                return_artifacts.append(ip)
+            elif artifact["type"].lower() == "dns":
+                dns = c2dns.C2dns.get_c2dns_from_hostname(artifact["artifact"])
+                dns.created_user_id, dns.modified_user_id = current_user.id, current_user.id
+                dns.state = state
+                db.session.add(dns)
+                return_artifacts.append(dns)
+            elif artifact["type"].lower() == "yara_rule":
+                yr = yara_rule.Yara_rule.get_yara_rule_from_yara_dict(artifact["rule"])
+                yr.created_user_id, yr.modified_user_id = current_user.id, current_user.id
+                yr.state = state
+                db.session.add(yr)
+                return_artifacts.append(yr)
+        except:
+            pass
+
+    db.session.commit()
+    return [artifact.to_dict() for artifact in return_artifacts]
+
+
+#####################################################################
+
+@app.route('/InquestKB/import', methods=['POST'])
+@login_required
+def import_artifacts():
+    autocommit = request.json.get("autocommit", 0)
+
+    import_text = request.json.get('import_text', None)
+
+    if not import_text:
+        abort(404)
+
+    artifacts = extract_artifacts(import_text)
+
+    if autocommit:
+        artifacts = save_artifacts(artifacts)
+
+    return jsonify({"artifacts": artifacts})
+
+
+#####################################################################
+
+@app.route('/InquestKB/import/commit', methods=['POST'])
+@login_required
+def commit_artifacts():
+    artifacts = request.json.get("artifacts", None)
+
+    if not artifacts:
+        abort(404)
+
+    artifacts = save_artifacts(artifacts)
+    return jsonify({"artifacts": artifacts}), 201

app/static/index.html

@@ -11,11 +11,13 @@
     <link href="lib/ng-tags-input/ng-tags-input.css" rel="stylesheet">
     <link href="lib/angular-bootstrap/ui-bootstrap-csp.css" rel="stylesheet"/>
     <link href="css/codemirror.css" rel="stylesheet">
+    <link href="lib/angular-growl-v2/build/angular-growl.min.css" rel="stylesheet"/>
 
     <link href="css/app.css" rel="stylesheet">
 </head>
 <body>
 <div ng-controller="AuthController">
+    <div growl></div>
     <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
         <div class="container">
             <div class="navbar-header">
@@ -56,6 +58,10 @@
                         <a href="#!/tags">Tags</a>
                     </li>
 
+
+                    <li>
+                        <a href="#!/import">Import</a>
+                    </li>
                 </ul>
                 <ul class="nav navbar-nav pull-right" ng-show="isLoggedIn()">
                     <li class="pull-right">
@@ -87,6 +93,7 @@
 <script src="lib/angular-ui-codemirror/ui-codemirror.min.js"></script>
 <script src="lib/ng-file-upload-shim/ng-file-upload-shim.js"></script> <!-- for no html5 browsers support -->
 <script src="lib/ng-file-upload/ng-file-upload.js"></script>
+<script src="lib/angular-growl-v2/build/angular-growl.min.js"></script>
 
 <script src="js/app.js"></script>
 
@@ -100,6 +107,7 @@
 <script src="js/tags/tags-controller.js"></script>
 <script src="js/tags_mapping/tags_mapping-controller.js"></script>
 <script src="js/authentication/authentication-controller.js"></script>
+<script src="js/import/import-controller.js"></script>
 <!-- /Controllers -->
 
 <!-- Services -->
@@ -113,6 +121,7 @@
 <script src="js/authentication/authentication-service.js"></script>
 <script src="js/comments/comments-service.js"></script>
 <script src="js/files/files-service.js"></script>
+<script src="js/import/import-service.js"></script>
 <!-- /Services -->
 
 </body>

app/static/js/app.js

@@ -1,6 +1,6 @@
 // Declare app level module which depends on filters, and services
-angular.module('InquestKB', ['ngResource', 'ngRoute', 'ui.bootstrap', 'ngSanitize', 'ui.select', 'ngTagsInput',
-                                'angular-toArrayFilter', 'ui.codemirror', 'ngFileUpload'])
+angular.module('InquestKB', ['ngResource', 'ngRoute', 'ui.bootstrap', 'ngSanitize', 'ui.select', 'ngTagsInput', 'angular-growl',
+    'angular-toArrayFilter', 'ui.codemirror', 'ngFileUpload'])
     .config(['$routeProvider', function ($routeProvider) {
         $routeProvider
             .when('/', {
@@ -62,22 +62,12 @@ angular.module('InquestKB', ['ngResource', 'ngRoute', 'ui.bootstrap', 'ngSanitiz
                 templateUrl: 'views/tags/tags.html',
                 controller: 'TagsController',
                 access: {restricted: true},
-                resolve:{
+                resolve: {
                     resolvedTags: ['Tags', function (Tags) {
                         return Tags.query();
                     }]
                 }
             })
-            // .when('/tags_mapping', {
-            //     templateUrl: 'views/tags_mapping/tags_mapping.html',
-            //     controller: 'Tags_mappingController',
-            //     access: {restricted: true},
-            //     resolve:{
-            //         resolvedTags_mapping: ['Tags_mapping', function (Tags_mapping) {
-            //             return Tags_mapping.query();
-            //         }]
-            //     }
-            // })
             .when('/yara_rules', {
                 templateUrl: 'views/yara_rule/yara_rules.html',
                 controller: 'Yara_ruleController',
@@ -87,11 +77,17 @@ angular.module('InquestKB', ['ngResource', 'ngRoute', 'ui.bootstrap', 'ngSanitiz
                         return Yara_rule.query();
                     }]
                 }
+            })
+            .when('/import', {
+                templateUrl: 'views/import/import.html',
+                controller: 'ImportController',
+                access: {restricted: true}
             }).otherwise({
             redirectTo: '/'
         });
 
-    }]);
+    }])
+;
 
 angular.module('InquestKB').run(function ($rootScope, $location, AuthService) {
 

app/static/js/import/import-controller.js

@@ -0,0 +1,35 @@
+'use strict';
+
+angular.module('InquestKB').controller('ImportController',
+    ['$scope', '$location', 'Import', 'growl',
+        function ($scope, $location, Import, growl) {
+
+            $scope.commit_artifacts = function () {
+                Import.commit_artifacts($scope.artifacts).then(function (data) {
+                    growl.info("Successfully committed " + data.length + " artifacts.", {ttl: 3000});
+                    $scope.clear();
+                });
+            }
+            $scope.import_artifacts = function () {
+
+                Import.import_artifacts($scope.import_text, $scope.autocommit).then(function (data) {
+                        if ($scope.autocommit) {
+                            growl.info("Successfully committed " + data.length + " artifacts.", {ttl: 3000});
+                            $scope.clear();
+                        } else {
+                            $scope.artifacts = data;
+                        }
+
+
+                    }
+                );
+            };
+
+            $scope.clear = function () {
+                $scope.import_text = "";
+                $scope.autocommit = false;
+                $scope.artifacts = null;
+            };
+
+        }]);
+

app/static/js/import/import-service.js

@@ -0,0 +1,47 @@
+angular.module('InquestKB').factory('Import',
+    ['$q', '$timeout', '$http',
+        function ($q, $timeout, $http) {
+
+
+            // return available functions for use in controllers
+            return ({
+                import_artifacts: import_artifacts,
+                commit_artifacts: commit_artifacts
+            });
+
+            function import_artifacts(import_text, autocommit) {
+
+                autocommit = (typeof autocommit !== 'undefined') ? autocommit : 0;
+
+                // send a post request to the server
+                return $http.post('/InquestKB/import', {import_text: import_text, autocommit: autocommit})
+                    .then(function (success) {
+                            if (success.status === 200 && success.data.artifacts) {
+                                return success.data.artifacts;
+                            } else {
+                                //TODO
+                            }
+                        }, function (error) {
+                            //TODO
+                        }
+                    );
+
+            }
+
+            function commit_artifacts(artifacts) {
+                // send a post request to the server
+                return $http.post('/InquestKB/import/commit', {artifacts: artifacts})
+                    .then(function (success) {
+                        if (success.status === 201 && success.data.artifacts) {
+                            return success.data.artifacts;
+                        } else {
+                            //TODO
+                        }
+                    }, function (error) {
+                        //TODO
+                    });
+
+            }
+
+
+        }]);

app/static/js/yara_rule/yara_rule-controller.js

@@ -1,8 +1,8 @@
 'use strict';
 
 angular.module('InquestKB')
-    .controller('Yara_ruleController', ['$scope', '$uibModal', 'resolvedYara_rule', 'Yara_rule', 'Cfg_states',
-        function ($scope, $uibModal, resolvedYara_rule, Yara_rule, Cfg_states) {
+    .controller('Yara_ruleController', ['$scope', '$uibModal', 'resolvedYara_rule', 'Yara_rule', 'Cfg_states', 'Files',
+        function ($scope, $uibModal, resolvedYara_rule, Yara_rule, Cfg_states, Files) {
 
             $scope.yara_rules = resolvedYara_rule;
 
@@ -83,8 +83,8 @@ angular.module('InquestKB')
                 });
             };
         }])
-    .controller('Yara_ruleSaveController', ['$scope', '$http', '$uibModalInstance', 'yara_rule', 'Cfg_states', 'Comments',
-        function ($scope, $http, $uibModalInstance, yara_rule, Cfg_states, Comments) {
+    .controller('Yara_ruleSaveController', ['$scope', '$http', '$uibModalInstance', 'yara_rule', 'Cfg_states', 'Comments', 'Files',
+        function ($scope, $http, $uibModalInstance, yara_rule, Cfg_states, Comments, Files) {
             $scope.yara_rule = yara_rule;
             $scope.yara_rule.new_comment = "";
             $scope.Comments = Comments;